Salt (cryptography)

The following is a simplified example of how a salt is used when storing passwords. The first table shows two username and password combinations; the plaintext passwords appear here only for illustration and are never stored.

Username  Password
user1     password123
user2     password123

A salt value is generated at random for each user. It can be any length; in this case it is 8 bytes (shown as 16 hexadecimal characters), and current guidance such as NIST SP 800-132 recommends at least 128 bits (16 bytes). The salt value is appended to the plaintext password and the result is hashed; the output is referred to as the hashed value. Both the salt value and the hashed value are stored, while the password itself is not.

Username  Salt value        String to be hashed          Hashed value = SHA-256(Password + Salt value)
user1     E1F53135E559C253  password123E1F53135E559C253  72AE25495A7981C40622D49F9A52E4F1565C90F048F59027BD9C8C8900D5C3D8
user2     84B03D034B409D4E  password12384B03D034B409D4E  B4B6603ABC670967E99C7E7F1389E40CD16E78AD38EB1468EC2AA1E62B8BED3A

As the table above illustrates, different salt values produce completely different hashed values even when the plaintext passwords are identical. Precomputed dictionary attacks are mitigated because an attacker would need a separate precomputed table for every possible salt value, which is impractical for salts of this size. However, the salt is stored in the clear next to the hash, so it does not protect a common or easily guessed password against a targeted dictionary attack on that one hash: the attacker simply recomputes each guess with the stored salt. For this reason a salt is combined in practice with a deliberately slow password hashing function (key stretching) rather than a single fast hash such as SHA-256.

In cryptography, a salt is random data that is used as an additional input to a one-way function that hashes data, a password or passphrase. Salts are used to safeguard passwords in storage. Historically a password was stored in plaintext on a system, but over time additional safeguards were developed to protect a user's password against being read from the system. A salt is one of those methods.

A new salt is randomly generated for each password. In a typical setting, the salt and the password (or its version after key stretching) are concatenated and processed with a cryptographic hash function, and the resulting output (but not the original password) is stored with the salt in a database. Hashing allows later authentication, by recomputing the hash of a submitted password with the stored salt and comparing it to the stored value, without keeping the plaintext password, which would otherwise be exposed if the authentication data store were compromised.

Salts defend against a pre-computed hash attack, e.g. rainbow tables.[1] Since salts do not have to be memorized by humans, they can make the size of the table required for a successful attack prohibitively large without placing any burden on users. Since salts are different in each case, they also protect commonly used passwords, and users who reuse the same password on several sites, by making every salted hash of the same password different: two users with the same password cannot be spotted by comparing their stored hashes, and a hash leaked from one site does not match the hash of the same password on another.
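The following is an added example, not code from the original page, that puts the table above and the precomputation argument into working Python. It stores passwords as SHA-256(password + salt) in exactly the shape of the table (salt appended as its hex text), then shows why a table precomputed against one user's salt fails on another user's hash while a targeted per-user dictionary run still succeeds against a weak password. It also includes a key-stretched variant using PBKDF2-HMAC-SHA256 from the standard library; the iteration count, the wordlist, the record layout and the function names are the example's own assumptions.

```python
import hashlib
import hmac
import os

# Added example (not from the page): salted password storage in the shape of
# the page's table, hash = SHA-256(password + salt), plus a stretched variant.

SALT_BYTES = 8               # the page's table uses an 8-byte salt
PBKDF2_ITERATIONS = 600_000  # assumed work factor for the stretched variant


def generate_salt(n_bytes: int = SALT_BYTES) -> bytes:
    """Fresh salt from the OS CSPRNG. A new one is drawn for every password."""
    return os.urandom(n_bytes)


def salted_sha256(password: str, salt: bytes) -> str:
    """SHA-256(password || salt) as upper-case hex. The salt is appended as
    its hex text, matching the page's 'String to be hashed' column."""
    data = password.encode("utf-8") + salt.hex().upper().encode("ascii")
    return hashlib.sha256(data).hexdigest().upper()


def stretched_hash(password: str, salt: bytes,
                   iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted and key-stretched variant: PBKDF2-HMAC-SHA256. The salt plays
    the same role as above; the iteration count makes each guess expensive."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return dk.hex().upper()


def store_password(password: str, stretched: bool = False) -> dict:
    """What the database keeps: the salt and the hash, never the password."""
    salt = generate_salt()
    digest = stretched_hash(password, salt) if stretched else salted_sha256(password, salt)
    return {"salt": salt.hex().upper(), "hash": digest, "stretched": stretched}


def verify_password(record: dict, candidate: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    if record["stretched"]:
        digest = stretched_hash(candidate, salt)
    else:
        digest = salted_sha256(candidate, salt)
    return hmac.compare_digest(digest, record["hash"])


def precomputed_table(wordlist, salt: bytes) -> dict:
    """An attacker's precomputed hash -> password table, valid for ONE salt.
    Without salts a single such table would cover every user."""
    return {salted_sha256(w, salt): w for w in wordlist}


def crack_with_table(table: dict, record: dict):
    """Look the stored hash up in a precomputed table; None if absent."""
    return table.get(record["hash"])


def crack_per_user(wordlist, record: dict):
    """Targeted dictionary attack: recompute each guess with the victim's own
    salt. The salt does not help against a weak password here."""
    for w in wordlist:
        if verify_password(record, w):
            return w
    return None


# Constructed demo data: two users with the same weak password, as on the page.
WORDLIST = ["123456", "password", "password123", "letmein", "qwerty"]


def demo():
    user1 = store_password("password123")
    user2 = store_password("password123")
    same_hash = user1["hash"] == user2["hash"]          # False: salts differ

    # A table precomputed against user1's salt finds user1 but not user2...
    table = precomputed_table(WORDLIST, bytes.fromhex(user1["salt"]))
    hit1 = crack_with_table(table, user1)               # "password123"
    hit2 = crack_with_table(table, user2)               # None
    # ...but a per-user dictionary run still recovers a common password.
    hit2_targeted = crack_per_user(WORDLIST, user2)     # "password123"
    return same_hash, hit1, hit2, hit2_targeted


if __name__ == "__main__":
    print(demo())
    rec = store_password("correct horse battery staple", stretched=True)
    print(verify_password(rec, "correct horse battery staple"),
          verify_password(rec, "wrong"))
```

Running `demo()` returns `(False, "password123", None, "password123")`: the two users' hashes differ, the attacker's one-salt table cracks only the user it was built for, and the targeted run shows the salt alone does nothing for a weak password. The stretched variant changes only the cost per guess, which is why practitioners pair a salt with a slow password hash rather than a bare SHA-256.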

Cryptographic salts are broadly used in many modern computer systems, from Unix system credentials to Internet security.

Salts are closely related to the concept of a cryptographic nonce.
